cleanup files and folders

tasks/section1.yml

@@ -73,21 +73,6 @@
       - rule_1.1.1.5
       - hfsplus
 
-#- name: "SCORED | 1.1.1.6 | PATCH | Ensure mounting of squashfs filesystems is disabled"
-#  lineinfile:
-#      dest: /etc/modprobe.d/CIS.conf
-#      regexp: "^(#)?install squashfs(\\s|$)"
-#      line: "install squashfs /bin/true"
-#      create: yes
-#  when:
-#      - ubuntu1604cis_rule_1_1_1_6
-#  tags:
-#      - level1
-#      - scored
-#      - patch
-#      - rule_1.1.1.6
-#      - squashfs
-
 - name: "SCORED | 1.1.1.6 | PATCH | Ensure mounting of udf filesystems is disabled"
   lineinfile:
       dest: /etc/modprobe.d/CIS.conf
@@ -103,21 +88,6 @@
       - rule_1.1.1.6
       - udf
 
-#- name: "SCORED | 1.1.1.8 | PATCH | Ensure mounting of FAT filesystems is disabled"
-#  lineinfile:
-#      dest: /etc/modprobe.d/CIS.conf
-#      regexp: "^(#)?install vfat(\\s|$)"
-#      line: "install vfat /bin/true"
-#      create: yes
-#  when:
-#      - ubuntu1604cis_rule_1_1_1_8
-#  tags:
-#      - level1
-#      - scored
-#      - patch
-#      - rule_1.1.1.8
-#      - vfat
-
 - name: "SCORED | 1.1.2 | PATCH | Ensure separate partition exists for /tmp | enable and start/restart tmp.mount"
   copy:
     src: "{{ tmp_mount_file[ansible_os_family] }}"
@@ -382,33 +352,6 @@
       - rule_1.2.3
       - notimplemented
 
-#- name: "NOTSCORED | 1.2.4 | PATCH | Ensure Red Hat Network or Subscription Manager connection is configured"
-#  command: /bin/true
-#  changed_when: no
-#  when:
-#      - ansible_distribution == "RedHat"
-#      - ubuntu1604cis_rule_1_2_4
-#  tags:
-#      - level1
-#      - notscored
-#      - patch
-#      - rule_1.2.4
-#      - notimplemented
-
-#- name: "NOTSCORED | 1.2.5 | PATCH | Disable the rhnsd Daemon"
-#  service:
-#      name: rhnsd
-#      state: stopped
-#      enabled: no
-#  when:
-#      - ansible_distribution == "RedHat" and rhnsd_service_status.stdout == "loaded" and not ubuntu1604cis_rhnsd_required
-#      - ubuntu1604cis_rule_1_2_5
-#  tags:
-#      - level2
-#      - notscored
-#      - patch
-#      - rule_1.2.5
-
 - name: "SCORED | 1.3.1 | PATCH | Ensure AIDE is installed"
   apt:
       name: aide
@@ -491,21 +434,6 @@
       - rule_1.4.2
       - notimplemented
 
-#- name: "SCORED | 1.4.2 | PATCH | Ensure bootloader password is set"
-#  copy:
-#      dest: /boot/grub2/user.cfg
-#      content: "GRUB2_PASSWORD={{ grub_pass.passhash }}"
-#  notify: generate new grub config
-#  when:
-#      - ubuntu1604cis_set_boot_pass and grub_pass is defined and grub_pass.passhash is defined and grub_pass.passhash != ''
-#      - ubuntu1604cis_rule_1_4_2
-#  tags:
-#      - level1
-#      - scored
-#      - grub
-#      - patch
-#      - rule_1.4.2
-
 - name: "NOTSCORED | 1.4.3 | PATCH | Ensure authentication required for single user mode"
   command: /bin/true
   changed_when: no

tasks/section5.yml

@@ -270,18 +270,6 @@
       - patch
       - rule_5.2.10
 
-#- name: "SCORED | 5.2.11 | PATCH | Ensure only approved ciphers are used"
-#  lineinfile:
-#      state: present
-#      dest: /etc/ssh/sshd_config
-#      regexp: '^Ciphers'
-#      line: 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr'
-#  tags:
-#      - level1
-#      - level2
-#      - patch
-#      - rule_5.2.11
-
 - name: "SCORED | 5.2.11 | PATCH | Ensure only approved MAC algorithms are used"
   lineinfile:
       state: present

tasks/section6.yml

@@ -311,17 +311,6 @@
       - patch
       - rule_6.2.12
 
-# - name: "SCORED | 6.2.13 | PATCH | Ensure users' .netrc Files are not group or world accessible"
-#   file:
-#       mode: 0600
-#       dest: "~{{ item }}/.netrc"
-#   with_items: "{{ users.stdout_lines }}"
-#   tags:
-#       - level1
-#       - level2
-#       - patch
-#       - rule_6.2.13
-
 - name: "SCORED | 6.2.14 | PATCH | Ensure no users have .rhosts files"
   file:
       state: absent